| <!DOCTYPE html> |
| <html> |
| <head> |
| <title>'X-Content-Type-Options: nosniff;' allows scripts!</title> |
| <body> |
| <script src="/js-test-resources/js-test-pre.js"></script> |
| <script> |
| description('Check that script sent with an \'X-Content-Type-Options: nosniff\' header is correctly allowed if the MIME type is scripty.'); |
| window.jsTestIsAsync = true; |
| |
| var scriptyMimeTypes = [ |
| "text/javascript1.1", |
| "text/javascript1.2", |
| "text/javascript1.3", |
| "text/livescript", |
| 'application/ecmascript', |
| 'application/javascript', |
| 'application/x-javascript', |
| 'text/ecmascript', |
| 'text/javascript', |
| 'text/jscript', |
| ]; |
| |
| window.scriptsSuccessfullyLoaded = 0; |
| |
| for (var i = 0; i < scriptyMimeTypes.length; i++) { |
| document.write('<script src="./resources/script-with-header.pl?mime=' + scriptyMimeTypes[i] + '"><' + '/script>'); |
| } |
| |
| window.onload = function () { |
| shouldBe('window.scriptsSuccessfullyLoaded', 'scriptyMimeTypes.length'); |
| finishJSTest(); |
| }; |
| </script> |
| <script src="/js-test-resources/js-test-post.js"></script> |
| </body> |
| </html> |